An attacker can exploit these issues to bypass the authentication mechanism and gain unauthorized access, execute attacker-supplied HTML or JavaScript code in the context of the affected site, to steal cookie-based authentication credentials, gain elevated privileges, obtain sensitive information and perform certain unauthorized actions. This may aid in further attacks.